Chapter 5 – PC Board Components, Upgrades, and Add-ons
Multi-Tech RouteFinder RF650VPN User Guide
RouteFinder Maintenance
This section covers issues related to routinely maintaining the RouteFinder, including:
· Housekeeping,
· Monitoring, and
· Updating.
Housekeeping
Housekeeping includes the ongoing list of tasks that you need to perform to keep your environment safe and clean. The three main housekeeping tasks that you'll need to revisit periodically are:
· System backups – This includes regular backups of RouteFinder configurations and reporting logs. Much of the system backup effort can be done automatically on the RouteFinder (refer to the System|Backup section in Chapter 3 of this manual).
· Accounts management – Includes adding new accounts correctly, deleting old ones promptly, and changing passwords regularly. You should arrange to get termination notification when someone leaves your organization (e.g., for your company's full-time and contract employees, or your university's graduating students). This should involve managing Certification and Key expiration dates, maintaining current e-mail address(es) for alerts and notifications (e.g., from System|Settings), as well as maintaining the overall WebAdmin password from System|Settings.
Shared Secret Maintenance – Most secure protocols provide for mutual authentication (server-to-client and client-to-server). Most ways of doing this are based on the same process: each side "proves" that it can decrypt a value that only the "authentic" participant can know.
This secret could be the private half of a public key / private key pair, or it could be a key used along with a symmetric algorithm. In both authentication methods, each side sends the other an 'unpredictable' value, then gets it back in a form that proves that the other side was able to decrypt it.
Public key cryptography provides excellent data protection, but it's fairly slow. A convenient method is to use a temporary key (also known as a session key) for most transactions, and then destroy the session key when the transaction is completed. Here, a secure protocol negotiates a session key that is used for a single transaction. The session key is still unpredictable and secure, but takes a lot less time to generate. However, when using the temporary (session) key method, it becomes important for the administrator to quickly and systematically destroy the shared secrets once they are used. With partial perfect forward secrecy, the shared secret is destroyed after a set period of time. With perfect forward secrecy, the administrator is responsible for destroying used shared secrets.
· Disk space management – Includes timely 'cleanup' of random program and data files to avoid wondering if a program is a leftover from a previous user, or a required program needed for a new install, or a program that an intruder left behind as a 'present' for someone to open. Eliminating unneeded files will allow more room on the hard drive for important logs and reports.
· Shared Secret Maintenance – Authentication keys need to be unpredictable, and random numbers are often a necessary part of generating them. You'll want to change authentication keys often, since the longer a key is used, the more likely it is to be discovered or accidentally disclosed.
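The mutual challenge-response exchange and per-transaction session key described under Shared Secret Maintenance can be sketched as follows. This is an added example, not RouteFinder code: the Peer class and mutual_auth function are hypothetical names, and an HMAC over the challenge stands in for the "decrypt and return" proof the text describes.

```python
import hashlib
import hmac
import secrets


class Peer:
    """One side of the exchange. Hypothetical class, not RouteFinder code."""

    def __init__(self, name: str, shared_secret: bytes):
        self.name, self._secret = name, shared_secret
        self.nonce = self.session_key = None

    def _mac(self, *parts: bytes) -> bytes:
        return hmac.new(self._secret, b"|".join(parts), hashlib.sha256).digest()

    def challenge(self) -> bytes:
        # The 'unpredictable' value: fresh CSPRNG output for every exchange.
        self.nonce = secrets.token_bytes(32)
        return self.nonce

    def respond(self, peer_nonce: bytes) -> bytes:
        # Binding our own name into the MAC stops a response being reflected back.
        return self._mac(self.name.encode(), peer_nonce)

    def verify(self, peer_name: str, response: bytes) -> bool:
        expected = self._mac(peer_name.encode(), self.nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare

    def start_session(self, client_nonce: bytes, server_nonce: bytes) -> None:
        # Per-transaction key. It is derived from the long-term secret, so this
        # sketch alone does not give forward secrecy.
        self.session_key = self._mac(b"session", client_nonce, server_nonce)

    def end_session(self) -> None:
        # Drop the references; Python cannot guarantee the bytes are wiped.
        self.nonce = self.session_key = None


def mutual_auth(client: Peer, server: Peer) -> bool:
    c_nonce, s_nonce = client.challenge(), server.challenge()
    server_proof = server.respond(c_nonce)
    client_proof = client.respond(s_nonce)
    if not (client.verify(server.name, server_proof)
            and server.verify(client.name, client_proof)):
        client.end_session()
        server.end_session()
        return False
    client.start_session(c_nonce, s_nonce)
    server.start_session(c_nonce, s_nonce)
    return True
```

Because the nonces are fresh each time, every successful run yields a different session key even though the shared secret is unchanged; rotating the shared secret itself remains a separate administrative task.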